The Weekly Top 3 - ED #26.2015

By Jon Phish, Fri 26 June 2015, in category News

malware, microsoft, phishing, weekly

The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Expedia, SingPass and an Insider Trader.

Expedia Warns Users About Phishing Scam

Expedia users were the target of a phishing scam earlier this week. Customers of the online hotel-booking site received phishing e-mails attempting to obtain their personal information and credit card information. In some instances, customers were called on the phone by scammers who attempted to trick them into divulging their credit card information. The company sent an alert to their customers stating that someone gained unauthorized access to customer information including name, e-mail address and booking details. However, Expedia stated that no credit card information was stolen. They also confirmed that the information was stolen from a partner hotel and their systems were not compromised by hackers. Click the link below to read more.

http://www.geekwire.com/2015/expedia-warns-users-about-unauthorized-access-of-name-phone-email-and-booking-info/

SingPass Users Targeted by Phishing Campaign

SingPass gives Singapore residents access to electronic government services. Unfortunately, some residents fell victim to phishing scams, which were aimed at obtaining SingPass PINs. The phishing e-mail received by these victims tricked them into believing that their SingPass PINs were suspended and they were required to click on a link in the e-mail. Once this link was clicked, the victim was sent to a fake site that was used to steal their actual PINs. These stolen PINs were used by the scammers to submit fraudulent applications for work passes, which could then be sold. Click the link below to read more.

http://www.straitstimes.com/news/singapore/more-singapore-stories/story/users-warned-about-fraudulent-singpass-phishing-emails-2

US Targets 'Insider Trading' Hackers

The U.S. Security Exchange Commission has recently asked eight companies to provide details about their data breaches because they had solid evidence that these breaches are leading to a new type of unlawful insider trading. Hackers are using spear phishing e-mails as a way of breaching corporate networks for the purpose of gaining knowledge on the U.S. stock markets. Security firms such as FireEye have warned companies that hackers are in the market for financial secrets. Hackers are using Microsoft Word documents with malware embedded, as attachments in these phishing e-mails. These phishing e-mails are subsequently sent to top level executives for the purpose of obtaining access to their e-mail accounts. Click the link below to read more.

http://www.bbc.com/news/technology-33254019